package com.queming.core.config;


import com.queming.core.exception.RestAuthenticationEntryPoint;

import com.queming.core.filter.JwtAuthorizationFilter;
import com.queming.service.user.UserService;
import org.springframework.beans.factory.annotation.Autowired;
import org.springframework.context.annotation.Configuration;
import org.springframework.security.config.annotation.authentication.builders.AuthenticationManagerBuilder;
import org.springframework.security.config.annotation.method.configuration.EnableGlobalMethodSecurity;
import org.springframework.security.config.annotation.web.builders.HttpSecurity;
import org.springframework.security.config.annotation.web.builders.WebSecurity;
import org.springframework.security.config.annotation.web.configuration.EnableWebSecurity;
import org.springframework.security.config.annotation.web.configuration.WebSecurityConfigurerAdapter;
import org.springframework.security.config.http.SessionCreationPolicy;

/**
 * @author chencidiao
 * @date 2022/04/19 20:45
 **/
@Configuration
@EnableWebSecurity
@EnableGlobalMethodSecurity(
        prePostEnabled = true,
        securedEnabled = true,
        jsr250Enabled = true
)//打开这些选项才能在controller打开权限验证
public class SecurityConfig extends WebSecurityConfigurerAdapter {

    private UserService userService;

    @Autowired
    public void setUserService(UserService userService) {
        this.userService = userService;
    }

    RestAuthenticationEntryPoint restAuthenticationEntryPoint;

    @Autowired
    public void setRestAuthenticationEntryPoint(RestAuthenticationEntryPoint restAuthenticationEntryPoint) {
        this.restAuthenticationEntryPoint = restAuthenticationEntryPoint;
    }

    public static final String SECRET = "queming";
    public static final long EXPIRATION_TIME = 864000000; // 10 days
    public static final String TOKEN_PREFIX = "Bearer ";
    public static final String HEADER_STRING = "Authorization";
    public static final String CREATE_TOKEN_URL = "/token";
    public static final String GET_SETTING_URL = "/setting/site";



    @Override
    protected void configure(HttpSecurity http) throws Exception {

        http.cors().and().csrf().disable()//开启跨域并且关闭crsf验证
                .authorizeRequests()
                .antMatchers(CREATE_TOKEN_URL).permitAll()
                .antMatchers(GET_SETTING_URL).permitAll()
                .antMatchers("/playlist/**").permitAll()
                .antMatchers("/artist/**").permitAll()
                .anyRequest().authenticated()  //其他请求需要鉴权之后再访问
                .and()

                .addFilter(new JwtAuthorizationFilter(authenticationManager(),userService))
                .exceptionHandling()
                //权限不够
                .authenticationEntryPoint(restAuthenticationEntryPoint)
                .and()
                .sessionManagement().sessionCreationPolicy(SessionCreationPolicy.STATELESS);//把session改成jwt无状态鉴权

    }


    /**
     * @author 陈词调
     * @date 2022/4/28
     * 白名单
     * 放行swagger相关的url
     */
    @Override
    public void configure(WebSecurity web) throws Exception {
        web.ignoring().antMatchers("/swagger**/**")
                .antMatchers("/webjars/**")
                .antMatchers("/v3/**")
                .antMatchers("/doc.html")
                .antMatchers("/wechat/**")
        ;

    }

    @Override
    protected void configure(AuthenticationManagerBuilder auth) throws Exception {
        auth.userDetailsService(userService);
    }
}
